curl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

curl.exe
Size

487KB
MD5

dbd30d70fcdae1fd343ddad5c55c4e78
SHA1

59e081bed369ac6034f628c64b8a73531bedb6e2
SHA256

e6f66d659242aa7d6dd3c1967714c6cd3e0b11aaa235e7f7a150a3316dae8e61
SHA512

5b6249097119478eb9cf75dec1c7f855d922af004fcc8c73dd78bb1a469f0ff9adbefdc485f4ba8bf1457ebdb517111c3b8d95ded3f2d169fc8f3b95019dc446
SSDEEP

12288:8MbDg2m64G/jWBNYqc7a2E8rEzE5ggc2IKNo9:8Mbc6X/EYJE8rEzgggHIOo9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
curl.exe

Files

curl.exe
.exe windows x86

66e86c833873dbb82bdb3d7f9bbe6dc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SearchPathW
GetEnvironmentVariableA

api-ms-win-core-file-l1-1-0

SetEndOfFile
GetFileSizeEx
GetFileTime
GetFileType
ReadFile
CreateFileW
SetFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-console-l1-1-0

GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW

api-ms-win-core-toolhelp-l1-1-0

Module32FirstW
CreateToolhelp32Snapshot
Module32NextW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleA
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount

ws2_32

ioctlsocket
gethostname
inet_ntop
inet_pton
WSAEnumNetworkEvents
getsockopt
WSAWaitForMultipleEvents
send
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
getaddrinfo
freeaddrinfo
htonl
WSAStartup
__WSAFDIsSet
listen
recvfrom
WSACleanup
ntohs
WSASetLastError
WSAGetLastError
sendto
bind
getpeername
getsockname
closesocket
connect
recv
setsockopt
WSAIoctl
htons
socket
select
accept

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
SleepEx
WaitForSingleObjectEx

api-ms-win-core-localization-l1-2-0

FormatMessageW
IdnToAscii

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

bcrypt

BCryptGenRandom

api-ms-win-security-cryptoapi-l1-1-0

CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

crypt32

CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertCloseStore
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext
CertFreeCertificateChain
CertOpenStore
CertGetNameStringW
CertFindExtension
CertCreateCertificateChainEngine
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-crt-heap-l1-1-0

calloc
realloc
_set_new_mode
malloc
free

api-ms-win-crt-stdio-l1-1-0

ferror
fseek
getc
fread
__stdio_common_vsscanf
_get_osfhandle
_lseeki64
__p__commode
_set_fmode
puts
fputs
fwrite
fflush
fputc
fgets
__acrt_iob_func
feof
freopen
__stdio_common_vfprintf
_wopen
_fileno
ftell
_wfopen
_setmode
_isatty
__stdio_common_vsprintf
_close
_read
_write
fclose

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_gmtime64
_time64

api-ms-win-crt-convert-l1-1-0

wcstombs
strtol
strtod
strtoll
atoi
strtoul

api-ms-win-crt-runtime-l1-1-0

__sys_errlist
__sys_nerr
_initterm
abort
_get_initial_wide_environment
_initialize_wide_environment
_beginthreadex
_configure_wide_argv
exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_controlfp_s
_initialize_onexit_table
terminate
_exit
_errno
strerror
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-string-l1-1-0

_wcsdup
strtok
strpbrk
strncpy
strncmp
wcsncpy
wcsncmp
strcspn
_stricmp
_strdup
strspn
wcspbrk

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_waccess
_fstat64
_wstat64
_unlink

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-utility-l1-1-0

qsort

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsGetValue
TlsSetValue
TlsAlloc

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr

api-ms-win-crt-conio-l1-1-0

_getch

Sections

.text
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66e86c833873dbb82bdb3d7f9bbe6dc9

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-console-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

ws2_32

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

bcrypt

api-ms-win-security-cryptoapi-l1-1-0

crypt32

api-ms-win-core-file-l2-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

kernel32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 355KB - Virtual size: 354KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 355KB - Virtual size: 354KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB